公开(公告)号：US11750527B2

公开(公告)日：2023-09-05

申请号：US17231599

申请日：2021-04-15

Applicant: Citrix Systems, Inc.

Inventor： Leo C. Singleton, IV ,  Ricardo Feijoo ,  Avijit Gahtori

IPC: H04L47/78 ,  G06F9/455 ,  H04L9/32 ,  H04L67/141

CPC classification number: H04L47/781 ,  G06F9/45558 ,  H04L9/3213 ,  H04L67/141 ,  G06F2009/45583 ,  G06F2009/45595

Abstract: A method includes receiving a request from a client device to establish a first computing session for a first resource hosted on a virtual machine (VM). The method includes generating a session transfer key for accessing a second resource provided by a second resource provider. The method includes issuing instructions, to the VM that hosts the first resource, for establishing a second computing session to host the second resource, wherein the instructions include a mapping of the session transfer key to a session identifier. The method includes providing the instructions to the client device to establish the second computing session for the second resource without input for the second resource from the user of the client device. The establishment of the second computing session being between the VM and the second resource provider and based on the mapping of the session transfer key to the session identifier.

公开(公告)号：US20210234810A1

公开(公告)日：2021-07-29

申请号：US17231599

申请日：2021-04-15

Applicant: Citrix Systems, Inc.

Inventor： Leo C. Singleton, IV ,  Ricardo Feijoo ,  Avijit Gahtori

IPC: H04L12/911 ,  G06F9/455 ,  H04L9/32 ,  H04L29/08

Abstract: A method includes receiving a request from a client device to establish a first computing session for a first resource hosted on a virtual machine (VM). The method includes generating a session transfer key for accessing a second resource provided by a second resource provider. The method includes issuing instructions, to the VM that hosts the first resource, for establishing a second computing session to host the second resource, wherein the instructions include a mapping of the session transfer key to a session identifier. The method includes providing the instructions to the client device to establish the second computing session for the second resource without input for the second resource from the user of the client device. The establishment of the second computing session being between the VM and the second resource provider and based on the mapping of the session transfer key to the session identifier.

公开(公告)号：US20200084036A1

公开(公告)日：2020-03-12

申请号：US16684780

申请日：2019-11-15

Applicant: Citrix Systems, Inc.

Inventor： Bradley Markus Rowe ,  Ricardo Feijoo ,  Tom Michael Kludy ,  Ayush Jain ,  Gerald Haagsma

IPC: H04L9/32 ,  H04L9/08 ,  H04L29/06

Abstract: Methods, systems, computer-readable media, and apparatuses may provide creation and management of composite tokens for use with services in a virtual environment without the user having to re-authenticate each time the user accesses a different service. A composite identity server may receive a request to upgrade a first authentication token for a user. The composite identity server may redirect a user agent to an identity provider for authentication and, in response, may receive a second authentication token for the user. The composite identity server may send the second authentication token to a federated microservice and, in response, may receive one or more claims of the second authentication token designated for inclusion in a composite token. The composite identity server may generate a composite token including the one or more claims of the first authentication token and one or more claims of the second authentication token.

公开(公告)号：US20190097802A1

公开(公告)日：2019-03-28

申请号：US15714460

申请日：2017-09-25

Applicant: Citrix Systems, Inc.

Inventor： Bradley Markus Rowe ,  Ricardo Feijoo ,  Tom Michael Kludy ,  Ayush Jain ,  Gerald Haagsma

IPC: H04L9/32 ,  H04L9/08 ,  H04L29/06

Abstract: Methods, systems, computer-readable media, and apparatuses may provide creation and management of composite tokens for use with services in a virtual environment without the user having to re-authenticate each time the user accesses a different service. A composite identity server may receive a request to upgrade a first authentication token for a user. The composite identity server may redirect a user agent to an identity provider for authentication and, in response, may receive a second authentication token for the user. The composite identity server may send the second authentication token to a federated microservice and, in response, may receive one or more claims of the second authentication token designated for inclusion in a composite token. The composite identity server may generate a composite token including the one or more claims of the first authentication token and one or more claims of the second authentication token.

公开(公告)号：US12294575B2

公开(公告)日：2025-05-06

申请号：US17485695

申请日：2021-09-27

Applicant: Citrix Systems, Inc.

Inventor： Ayush Jain ,  Ricardo Feijoo

IPC: H04L29/06 ,  H04L9/40

Abstract: Aspects described herein may utilize self-federation in a plugin-based authentication system to support combinations of authentication processes. The authentication system may include a plugin that executes an authentication process that is a combination of two or more other authentication processes. This plugin may handle the combined authentication process by self-federating back to the authentication interface, generating its own authentication requests under each of the subsidiary authentication processes. Thus, the self-federating plugin corresponding to the combined authentication process may allow the authentication system to support authentication requests that indicate the combined authentication process. This “chained” authentication process, accomplished through self-federation, may allow the authentication system to reuse existing code paths and avoid downsides associated with duplication of code.

公开(公告)号：US11159517B2

公开(公告)日：2021-10-26

申请号：US16198249

申请日：2018-11-21

Applicant: Citrix Systems, Inc.

Inventor： Ayush Jain ,  Ricardo Feijoo

IPC: H04L29/06

Abstract: Aspects described herein may utilize self-federation in a plugin-based authentication system to support combinations of authentication processes. The authentication system may include a plugin that executes an authentication process that is a combination of two or more other authentication processes. This plugin may handle the combined authentication process by self-federating back to the authentication interface, generating its own authentication requests under each of the subsidiary authentication processes. Thus, the self-federating plugin corresponding to the combined authentication process may allow the authentication system to support authentication requests that indicate the combined authentication process. This “chained” authentication process, accomplished through self-federation, may allow the authentication system to reuse existing code paths and avoid downsides associated with duplication of code.

公开(公告)号：US11025560B2

公开(公告)日：2021-06-01

申请号：US16404007

申请日：2019-05-06

Applicant: Citrix Systems, Inc.

Inventor： Leo C. Singleton, IV ,  Ricardo Feijoo ,  Avijit Gahtori

IPC: H04L12/911 ,  G06F9/455 ,  H04L29/08 ,  H04L9/32

Abstract: A method includes receiving a request from a client device to establish a first computing session for a first resource hosted on a virtual machine (VM). The method includes generating a session transfer key for accessing a second resource provided by a second resource provider. The method includes issuing instructions, to the VM that hosts the first resource, for establishing a second computing session to host the second resource, wherein the instructions include a mapping of the session transfer key to a session identifier. The method includes providing the instructions to the client device to establish the second computing session for the second resource without input for the second resource from the user of the client device. The establishment of the second computing session being between the VM and the second resource provider and based on the mapping of the session transfer key to the session identifier.

公开(公告)号：US11522701B2

公开(公告)日：2022-12-06

申请号：US16684780

申请日：2019-11-15

Applicant: Citrix Systems, Inc.

Inventor： Bradley Markus Rowe ,  Ricardo Feijoo ,  Tom Michael Kludy ,  Ayush Jain ,  Gerald Haagsma

IPC: H04L9/32 ,  H04L9/08 ,  H04L9/40

Abstract: Methods, systems, computer-readable media, and apparatuses may provide creation and management of composite tokens for use with services in a virtual environment without the user having to re-authenticate each time the user accesses a different service. A composite identity server may receive a request to upgrade a first authentication token for a user. The composite identity server may redirect a user agent to an identity provider for authentication and, in response, may receive a second authentication token for the user. The composite identity server may send the second authentication token to a federated microservice and, in response, may receive one or more claims of the second authentication token designated for inclusion in a composite token. The composite identity server may generate a composite token including the one or more claims of the first authentication token and one or more claims of the second authentication token.

公开(公告)号：US20220014517A1

公开(公告)日：2022-01-13

申请号：US17485695

申请日：2021-09-27

Applicant: Citrix Systems, Inc.

Inventor： Ayush Jain ,  Ricardo Feijoo

IPC: H04L29/06

Abstract: Aspects described herein may utilize self-federation in a plugin-based authentication system to support combinations of authentication processes. The authentication system may include a plugin that executes an authentication process that is a combination of two or more other authentication processes. This plugin may handle the combined authentication process by self-federating back to the authentication interface, generating its own authentication requests under each of the subsidiary authentication processes. Thus, the self-federating plugin corresponding to the combined authentication process may allow the authentication system to support authentication requests that indicate the combined authentication process. This “chained” authentication process, accomplished through self-federation, may allow the authentication system to reuse existing code paths and avoid downsides associated with duplication of code.

公开(公告)号：US11108673B2

公开(公告)日：2021-08-31

申请号：US15707077

申请日：2017-09-18

Applicant: Citrix Systems, Inc.

Inventor： Thomas Kludy ,  Ricardo Feijoo ,  Ayush Jain

IPC: H04L12/26 ,  G06F11/30 ,  H04L29/08

Abstract: Methods, computer-readable media, and apparatuses for checking the health of a cloud-based component. The method includes receiving, by a health event hub as output by a first device, a request for performing a health check on a second device; outputting, by the health event hub, the request to each health checker on the network; receiving, by the health event hub, a health data response output by at least one checker that is capable of performing the health check; collecting, by the health event hub, each health data response associated with the request output by the first device that is output by the at least one health checker that is capable of performing the health check on the second device; and outputting, by the health event hub to each health data collector on the network, each health data response associated with the request output by the first device.